North American Network Operators Group
Re: Level3 routing issues?
- From: Christopher L. Morrow
- Date: Mon Jan 27 15:17:14 2003
On Mon, 27 Jan 2003, Scott Granados wrote:
> Alex, although technically correct, it's not practical. How many end users
> vpn in from home from say a public ip on their dsl modem leaving
> themselves open to attack but now also having this connection back to the
> "Secure" inside network. Has anyone heard of any confirmed cases of this
I hate to blow a vendor's horn, BUT... Checkpoint has at least thought this
through with SecureClient. There is the ability to push down on the vpn
client a local security policy that SHOULD allow you to enforce corporate
network security policy on the remote system.
> On Mon, 27 Jan 2003 firstname.lastname@example.org wrote:
> > > > Note that in the case of a worm, a VPN could work against you. If you
> > > > have all the right filters in place at your "perimeter" and yet let
> > > > your employees in through a VPN solution of some sort, you could still
> > > > be screwed if one of their home systems gets infected somehow.
> > >
> > > So what you're saying is that a really good worm could infiltrate any secure
> > > network by targeting those who vpn from exterior sources, collect data, and
> > > then run? Hmmm. Wait a sec. Would that constitute a worm if it had purpose?
> > >
> > This is not correct. VPN simply extends security policy to a different
> > location. A VPN user must make sure that local security policy prevents
> > other traffic from entering VPN connection.
> > Alex